By:Rahul Mehta || Related Tips: > Reporting Services SecurityProblem
In general, reports provide singular and comparative analysis and can be formatted as statistical, tabular or graphical. At times, confidential data should only be available to certain users. With SQL Server Reporting Services , how can we implement column level security in order to restrict a user's to view certain data.Solution
SQL Server Reporting Services includes a feature called Column Visibility which can be used to implement column level security. In this tip will we demonstrate column level security with the following steps:First Step: Create a table to manage column level access to sensitive data on a per login basis. Second Step: Create a stored procedure to return the login column security information. Third Step: Build an SSRS report with a parameter in to read the login column security information from the stored procedure created in step 2. Fourth Step: Implement the Column Visibility feature to use the SSRS parameter to show or hide columns.
NOTE - This tip assumes you are proficient at building SQL Server Reporting Services Reports. If you are new to the technology, check out this tutorial .Step 0 - Setup a Sample Data Set
I have created a sample table called Employee with an identifier, name, age and salary.
I have also created a sample report of the Employee table to show all columns from the table:
Step 1 - Sensitive Data Management
Create a second table called "FieldRules" which has three fields: UserName(nvarchar), FieldName(nvarchar) and IsVisible(bit). Once created, add a sample record. In this case, I have added a sample user with field name (i.e. Salary) to show/hide the visibility (i.e. set to false) as shown below.
Step 2 - Stored Procedure to Return Data Access
Create a stored procedure ShowColumnInfo to return the data access for the sensitive information for a specific UserID based on an input parameter:CREATE PROCEDURE [dbo].[ShowColumnnInfo] @UserID nvarchar(100)
WHERE UserName = @UserID
GO Step 3 - Build the SQL Server Reporting Services Report
To start building the report, create a DataSource (i.e. DataSource1 in this example) in the SSRS report to access the database. Next, create a dataset called ShowFieldDataSet which will access the data from the FieldRules table using the dbo.ShowColumnInfo stored procedure as shown below.
Also we have to create two parameters: UserID (to be passed as a parameter to stored procedure "ShowFieldDataset") which is shown above and FieldsToShow (which will pull IsVisible values from "ShowFieldDataSet") which is shown below.
Step 4 - Configure SQL Server Reporting Services Column Visibility
The last step is to configure the Salary column to show/hide depending upon the value from the FieldsToShow parameter. Select the column in the SSRS report, right-click and select "Column Visibility". Configure the expression as shown in the figure below.
Final SSRS Report Demonstration
Now enter the login name (i.e. User ID), and it will show/hide the "Salary" column. In this case, we have configure the logic to not to show the "Salary" column for the user "Rahul" .